0d7ab16306efcc558dbcdaf24067b95f48c6c9e4d1ce094af0906dd28768dbeb

Analysis

max time kernel
149s
max time network
152s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
05-08-2023 20:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7bfd1cf30ca9bd31543ebc20c1feafe3_cryptolocker_JC.exe
Size

55KB
MD5

7bfd1cf30ca9bd31543ebc20c1feafe3
SHA1

c386a5df9b0cf37f7c418abd1f6116fcf8e8db59
SHA256

0d7ab16306efcc558dbcdaf24067b95f48c6c9e4d1ce094af0906dd28768dbeb
SHA512

6b438ebe1b2f0e6c7b7d9ff381b4a22b864158c6c7cb9bcc14651000f58a1e6269d61db543621135606e10660ff0067a9ace478c08a8017f269651669cdbc3ab
SSDEEP

768:79inqyNR/QtOOtEvwDpjBK/iVTab3GRuv3VylcbgMv7:79mqyNhQMOtEvwDpjBPY7xv3g1Mv7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1724	asih.exe

Loads dropped DLL 1 IoCs

pid	Process
2312	7bfd1cf30ca9bd31543ebc20c1feafe3_cryptolocker_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 1724	2312	7bfd1cf30ca9bd31543ebc20c1feafe3_cryptolocker_JC.exe	28
PID 2312 wrote to memory of 1724	2312	7bfd1cf30ca9bd31543ebc20c1feafe3_cryptolocker_JC.exe	28
PID 2312 wrote to memory of 1724	2312	7bfd1cf30ca9bd31543ebc20c1feafe3_cryptolocker_JC.exe	28
PID 2312 wrote to memory of 1724	2312	7bfd1cf30ca9bd31543ebc20c1feafe3_cryptolocker_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\7bfd1cf30ca9bd31543ebc20c1feafe3_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\7bfd1cf30ca9bd31543ebc20c1feafe3_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Users\Admin\AppData\Local\Temp\asih.exe
  "C:\Users\Admin\AppData\Local\Temp\asih.exe"
  2⤵
  - Executes dropped EXE
  PID:1724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
55KB

MD5
dbbd226cd090375fd658a76028d31839

SHA1
49ab15cac624c3f3d3215ebafca7ec0125499e87

SHA256
0a9da9c37f1f9d8438b93f4855580a04e22cadb06b592d7b8b5ae17b3428738e

SHA512
29f7384b72a33d315c11164858846971e8f7f6354d596a2b922f87b2b1515a91dcaad706c2f2ae1de91c2d90ead0b475829002f137ab791cd2c634510687acb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
55KB

MD5
dbbd226cd090375fd658a76028d31839

SHA1
49ab15cac624c3f3d3215ebafca7ec0125499e87

SHA256
0a9da9c37f1f9d8438b93f4855580a04e22cadb06b592d7b8b5ae17b3428738e

SHA512
29f7384b72a33d315c11164858846971e8f7f6354d596a2b922f87b2b1515a91dcaad706c2f2ae1de91c2d90ead0b475829002f137ab791cd2c634510687acb6

Download Submit
\Users\Admin\AppData\Local\Temp\asih.exe

Filesize
55KB

MD5
dbbd226cd090375fd658a76028d31839

SHA1
49ab15cac624c3f3d3215ebafca7ec0125499e87

SHA256
0a9da9c37f1f9d8438b93f4855580a04e22cadb06b592d7b8b5ae17b3428738e

SHA512
29f7384b72a33d315c11164858846971e8f7f6354d596a2b922f87b2b1515a91dcaad706c2f2ae1de91c2d90ead0b475829002f137ab791cd2c634510687acb6

Download Submit
memory/1724-69-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/1724-71-0x00000000002B0000-0x00000000002B6000-memory.dmp

Filesize
24KB

Download
memory/1724-72-0x00000000002F0000-0x00000000002F6000-memory.dmp

Filesize
24KB

Download
memory/1724-79-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2312-53-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download
memory/2312-55-0x00000000002B0000-0x00000000002B6000-memory.dmp

Filesize
24KB

Download
memory/2312-54-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2312-62-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2312-68-0x0000000000500000-0x000000000050F000-memory.dmp

Filesize
60KB

Download